google-cloud-container_analysis-v1 0.1.2 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -70,7 +70,16 @@ module Google
70
70
  # .setNanos((int) ((millis % 1000) * 1000000)).build();
71
71
  #
72
72
  #
73
- # Example 5: Compute Timestamp from current time in Python.
73
+ # Example 5: Compute Timestamp from Java `Instant.now()`.
74
+ #
75
+ # Instant now = Instant.now();
76
+ #
77
+ # Timestamp timestamp =
78
+ # Timestamp.newBuilder().setSeconds(now.getEpochSecond())
79
+ # .setNanos(now.getNano()).build();
80
+ #
81
+ #
82
+ # Example 6: Compute Timestamp from current time in Python.
74
83
  #
75
84
  # timestamp = Timestamp()
76
85
  # timestamp.GetCurrentTime()
@@ -0,0 +1,118 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Metadata for any related URL information.
23
+ # @!attribute [rw] url
24
+ # @return [::String]
25
+ # Specific URL associated with the resource.
26
+ # @!attribute [rw] label
27
+ # @return [::String]
28
+ # Label to describe usage of the URL.
29
+ class RelatedUrl
30
+ include ::Google::Protobuf::MessageExts
31
+ extend ::Google::Protobuf::MessageExts::ClassMethods
32
+ end
33
+
34
+ # Verifiers (e.g. Kritis implementations) MUST verify signatures
35
+ # with respect to the trust anchors defined in policy (e.g. a Kritis policy).
36
+ # Typically this means that the verifier has been configured with a map from
37
+ # `public_key_id` to public key material (and any required parameters, e.g.
38
+ # signing algorithm).
39
+ #
40
+ # In particular, verification implementations MUST NOT treat the signature
41
+ # `public_key_id` as anything more than a key lookup hint. The `public_key_id`
42
+ # DOES NOT validate or authenticate a public key; it only provides a mechanism
43
+ # for quickly selecting a public key ALREADY CONFIGURED on the verifier through
44
+ # a trusted channel. Verification implementations MUST reject signatures in any
45
+ # of the following circumstances:
46
+ # * The `public_key_id` is not recognized by the verifier.
47
+ # * The public key that `public_key_id` refers to does not verify the
48
+ # signature with respect to the payload.
49
+ #
50
+ # The `signature` contents SHOULD NOT be "attached" (where the payload is
51
+ # included with the serialized `signature` bytes). Verifiers MUST ignore any
52
+ # "attached" payload and only verify signatures with respect to explicitly
53
+ # provided payload (e.g. a `payload` field on the proto message that holds
54
+ # this Signature, or the canonical serialization of the proto message that
55
+ # holds this signature).
56
+ # @!attribute [rw] signature
57
+ # @return [::String]
58
+ # The content of the signature, an opaque bytestring.
59
+ # The payload that this signature verifies MUST be unambiguously provided
60
+ # with the Signature during verification. A wrapper message might provide
61
+ # the payload explicitly. Alternatively, a message might have a canonical
62
+ # serialization that can always be unambiguously computed to derive the
63
+ # payload.
64
+ # @!attribute [rw] public_key_id
65
+ # @return [::String]
66
+ # The identifier for the public key that verifies this signature.
67
+ # * The `public_key_id` is required.
68
+ # * The `public_key_id` MUST be an RFC3986 conformant URI.
69
+ # * When possible, the `public_key_id` SHOULD be an immutable reference,
70
+ # such as a cryptographic digest.
71
+ #
72
+ # Examples of valid `public_key_id`s:
73
+ #
74
+ # OpenPGP V4 public key fingerprint:
75
+ # * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
76
+ # See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
77
+ # details on this scheme.
78
+ #
79
+ # RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
80
+ # serialization):
81
+ # * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
82
+ # * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
83
+ class Signature
84
+ include ::Google::Protobuf::MessageExts
85
+ extend ::Google::Protobuf::MessageExts::ClassMethods
86
+ end
87
+
88
+ # Kind represents the kinds of notes supported.
89
+ module NoteKind
90
+ # Unknown.
91
+ NOTE_KIND_UNSPECIFIED = 0
92
+
93
+ # The note and occurrence represent a package vulnerability.
94
+ VULNERABILITY = 1
95
+
96
+ # The note and occurrence assert build provenance.
97
+ BUILD = 2
98
+
99
+ # This represents an image basis relationship.
100
+ IMAGE = 3
101
+
102
+ # This represents a package installed via a package manager.
103
+ PACKAGE = 4
104
+
105
+ # The note and occurrence track deployment events.
106
+ DEPLOYMENT = 5
107
+
108
+ # The note and occurrence track the initial discovery status of a resource.
109
+ DISCOVERY = 6
110
+
111
+ # This represents a logical "role" that can attest to artifacts.
112
+ ATTESTATION = 7
113
+
114
+ # This represents an available package upgrade.
115
+ UPGRADE = 8
116
+ end
117
+ end
118
+ end
@@ -0,0 +1,111 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # Common Vulnerability Scoring System version 3.
23
+ # For details, see https://www.first.org/cvss/specification-document
24
+ # @!attribute [rw] base_score
25
+ # @return [::Float]
26
+ # The base score is a function of the base metric scores.
27
+ # @!attribute [rw] exploitability_score
28
+ # @return [::Float]
29
+ # @!attribute [rw] impact_score
30
+ # @return [::Float]
31
+ # @!attribute [rw] attack_vector
32
+ # @return [::Grafeas::V1::CVSSv3::AttackVector]
33
+ # Base Metrics
34
+ # Represents the intrinsic characteristics of a vulnerability that are
35
+ # constant over time and across user environments.
36
+ # @!attribute [rw] attack_complexity
37
+ # @return [::Grafeas::V1::CVSSv3::AttackComplexity]
38
+ # @!attribute [rw] privileges_required
39
+ # @return [::Grafeas::V1::CVSSv3::PrivilegesRequired]
40
+ # @!attribute [rw] user_interaction
41
+ # @return [::Grafeas::V1::CVSSv3::UserInteraction]
42
+ # @!attribute [rw] scope
43
+ # @return [::Grafeas::V1::CVSSv3::Scope]
44
+ # @!attribute [rw] confidentiality_impact
45
+ # @return [::Grafeas::V1::CVSSv3::Impact]
46
+ # @!attribute [rw] integrity_impact
47
+ # @return [::Grafeas::V1::CVSSv3::Impact]
48
+ # @!attribute [rw] availability_impact
49
+ # @return [::Grafeas::V1::CVSSv3::Impact]
50
+ class CVSSv3
51
+ include ::Google::Protobuf::MessageExts
52
+ extend ::Google::Protobuf::MessageExts::ClassMethods
53
+
54
+ module AttackVector
55
+ ATTACK_VECTOR_UNSPECIFIED = 0
56
+
57
+ ATTACK_VECTOR_NETWORK = 1
58
+
59
+ ATTACK_VECTOR_ADJACENT = 2
60
+
61
+ ATTACK_VECTOR_LOCAL = 3
62
+
63
+ ATTACK_VECTOR_PHYSICAL = 4
64
+ end
65
+
66
+ module AttackComplexity
67
+ ATTACK_COMPLEXITY_UNSPECIFIED = 0
68
+
69
+ ATTACK_COMPLEXITY_LOW = 1
70
+
71
+ ATTACK_COMPLEXITY_HIGH = 2
72
+ end
73
+
74
+ module PrivilegesRequired
75
+ PRIVILEGES_REQUIRED_UNSPECIFIED = 0
76
+
77
+ PRIVILEGES_REQUIRED_NONE = 1
78
+
79
+ PRIVILEGES_REQUIRED_LOW = 2
80
+
81
+ PRIVILEGES_REQUIRED_HIGH = 3
82
+ end
83
+
84
+ module UserInteraction
85
+ USER_INTERACTION_UNSPECIFIED = 0
86
+
87
+ USER_INTERACTION_NONE = 1
88
+
89
+ USER_INTERACTION_REQUIRED = 2
90
+ end
91
+
92
+ module Scope
93
+ SCOPE_UNSPECIFIED = 0
94
+
95
+ SCOPE_UNCHANGED = 1
96
+
97
+ SCOPE_CHANGED = 2
98
+ end
99
+
100
+ module Impact
101
+ IMPACT_UNSPECIFIED = 0
102
+
103
+ IMPACT_HIGH = 1
104
+
105
+ IMPACT_LOW = 2
106
+
107
+ IMPACT_NONE = 3
108
+ end
109
+ end
110
+ end
111
+ end
@@ -0,0 +1,144 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # This represents a particular channel of distribution for a given package.
23
+ # E.g., Debian's jessie-backports dpkg mirror.
24
+ # @!attribute [rw] cpe_uri
25
+ # @return [::String]
26
+ # Required. The cpe_uri in [CPE format](https://cpe.mitre.org/specification/)
27
+ # denoting the package manager version distributing a package.
28
+ # @!attribute [rw] architecture
29
+ # @return [::Grafeas::V1::Architecture]
30
+ # The CPU architecture for which packages in this distribution channel were
31
+ # built.
32
+ # @!attribute [rw] latest_version
33
+ # @return [::Grafeas::V1::Version]
34
+ # The latest available version of this package in this distribution channel.
35
+ # @!attribute [rw] maintainer
36
+ # @return [::String]
37
+ # A freeform string denoting the maintainer of this package.
38
+ # @!attribute [rw] url
39
+ # @return [::String]
40
+ # The distribution channel-specific homepage for this package.
41
+ # @!attribute [rw] description
42
+ # @return [::String]
43
+ # The distribution channel-specific description of this package.
44
+ class Distribution
45
+ include ::Google::Protobuf::MessageExts
46
+ extend ::Google::Protobuf::MessageExts::ClassMethods
47
+ end
48
+
49
+ # An occurrence of a particular package installation found within a system's
50
+ # filesystem. E.g., glibc was found in `/var/lib/dpkg/status`.
51
+ # @!attribute [rw] cpe_uri
52
+ # @return [::String]
53
+ # Required. The CPE URI in [CPE format](https://cpe.mitre.org/specification/)
54
+ # denoting the package manager version distributing a package.
55
+ # @!attribute [rw] version
56
+ # @return [::Grafeas::V1::Version]
57
+ # The version installed at this location.
58
+ # @!attribute [rw] path
59
+ # @return [::String]
60
+ # The path from which we gathered that this package/version is installed.
61
+ class Location
62
+ include ::Google::Protobuf::MessageExts
63
+ extend ::Google::Protobuf::MessageExts::ClassMethods
64
+ end
65
+
66
+ # This represents a particular package that is distributed over various
67
+ # channels. E.g., glibc (aka libc6) is distributed by many, at various
68
+ # versions.
69
+ # @!attribute [rw] name
70
+ # @return [::String]
71
+ # Required. Immutable. The name of the package.
72
+ # @!attribute [rw] distribution
73
+ # @return [::Array<::Grafeas::V1::Distribution>]
74
+ # The various channels by which a package is distributed.
75
+ class PackageNote
76
+ include ::Google::Protobuf::MessageExts
77
+ extend ::Google::Protobuf::MessageExts::ClassMethods
78
+ end
79
+
80
+ # Details on how a particular software package was installed on a system.
81
+ # @!attribute [rw] name
82
+ # @return [::String]
83
+ # Output only. The name of the installed package.
84
+ # @!attribute [rw] location
85
+ # @return [::Array<::Grafeas::V1::Location>]
86
+ # Required. All of the places within the filesystem versions of this package
87
+ # have been found.
88
+ class PackageOccurrence
89
+ include ::Google::Protobuf::MessageExts
90
+ extend ::Google::Protobuf::MessageExts::ClassMethods
91
+ end
92
+
93
+ # Version contains structured information about the version of a package.
94
+ # @!attribute [rw] epoch
95
+ # @return [::Integer]
96
+ # Used to correct mistakes in the version numbering scheme.
97
+ # @!attribute [rw] name
98
+ # @return [::String]
99
+ # Required only when version kind is NORMAL. The main part of the version
100
+ # name.
101
+ # @!attribute [rw] revision
102
+ # @return [::String]
103
+ # The iteration of the package build from the above version.
104
+ # @!attribute [rw] kind
105
+ # @return [::Grafeas::V1::Version::VersionKind]
106
+ # Required. Distinguishes between sentinel MIN/MAX versions and normal
107
+ # versions.
108
+ # @!attribute [rw] full_name
109
+ # @return [::String]
110
+ # Human readable version string. This string is of the form
111
+ # <epoch>:<name>-<revision> and is only set when kind is NORMAL.
112
+ class Version
113
+ include ::Google::Protobuf::MessageExts
114
+ extend ::Google::Protobuf::MessageExts::ClassMethods
115
+
116
+ # Whether this is an ordinary package version or a sentinel MIN/MAX version.
117
+ module VersionKind
118
+ # Unknown.
119
+ VERSION_KIND_UNSPECIFIED = 0
120
+
121
+ # A standard package version.
122
+ NORMAL = 1
123
+
124
+ # A special version representing negative infinity.
125
+ MINIMUM = 2
126
+
127
+ # A special version representing positive infinity.
128
+ MAXIMUM = 3
129
+ end
130
+ end
131
+
132
+ # Instruction set architectures supported by various package managers.
133
+ module Architecture
134
+ # Unknown architecture.
135
+ ARCHITECTURE_UNSPECIFIED = 0
136
+
137
+ # X86 architecture.
138
+ X86 = 1
139
+
140
+ # X64 architecture.
141
+ X64 = 2
142
+ end
143
+ end
144
+ end
@@ -0,0 +1,245 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Grafeas
21
+ module V1
22
+ # A security vulnerability that can be found in resources.
23
+ # @!attribute [rw] cvss_score
24
+ # @return [::Float]
25
+ # The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
26
+ # where 0 indicates low severity and 10 indicates high severity.
27
+ # @!attribute [rw] severity
28
+ # @return [::Grafeas::V1::Severity]
29
+ # The note provider assigned severity of this vulnerability.
30
+ # @!attribute [rw] details
31
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::Detail>]
32
+ # Details of all known distros and packages affected by this vulnerability.
33
+ # @!attribute [rw] cvss_v3
34
+ # @return [::Grafeas::V1::CVSSv3]
35
+ # The full description of the CVSSv3 for this vulnerability.
36
+ # @!attribute [rw] windows_details
37
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail>]
38
+ # Windows details get their own format because the information format and
39
+ # model don't match a normal detail. Specifically Windows updates are done as
40
+ # patches, thus Windows vulnerabilities really are a missing package, rather
41
+ # than a package being at an incorrect version.
42
+ # @!attribute [rw] source_update_time
43
+ # @return [::Google::Protobuf::Timestamp]
44
+ # The time this information was last changed at the source. This is an
45
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
46
+ # security tracker.
47
+ class VulnerabilityNote
48
+ include ::Google::Protobuf::MessageExts
49
+ extend ::Google::Protobuf::MessageExts::ClassMethods
50
+
51
+ # A detail for a distro and package affected by this vulnerability and its
52
+ # associated fix (if one is available).
53
+ # @!attribute [rw] severity_name
54
+ # @return [::String]
55
+ # The distro assigned severity of this vulnerability.
56
+ # @!attribute [rw] description
57
+ # @return [::String]
58
+ # A vendor-specific description of this vulnerability.
59
+ # @!attribute [rw] package_type
60
+ # @return [::String]
61
+ # The type of package; whether native or non native (e.g., ruby gems,
62
+ # node.js packages, etc.).
63
+ # @!attribute [rw] affected_cpe_uri
64
+ # @return [::String]
65
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
66
+ # vulnerability affects.
67
+ # @!attribute [rw] affected_package
68
+ # @return [::String]
69
+ # Required. The package this vulnerability affects.
70
+ # @!attribute [rw] affected_version_start
71
+ # @return [::Grafeas::V1::Version]
72
+ # The version number at the start of an interval in which this
73
+ # vulnerability exists. A vulnerability can affect a package between
74
+ # version numbers that are disjoint sets of intervals (example:
75
+ # [1.0.0-1.1.0], [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be
76
+ # represented in its own Detail. If a specific affected version is provided
77
+ # by a vulnerability database, affected_version_start and
78
+ # affected_version_end will be the same in that Detail.
79
+ # @!attribute [rw] affected_version_end
80
+ # @return [::Grafeas::V1::Version]
81
+ # The version number at the end of an interval in which this vulnerability
82
+ # exists. A vulnerability can affect a package between version numbers
83
+ # that are disjoint sets of intervals (example: [1.0.0-1.1.0],
84
+ # [2.4.6-2.4.8] and [4.5.6-4.6.8]) each of which will be represented in its
85
+ # own Detail. If a specific affected version is provided by a vulnerability
86
+ # database, affected_version_start and affected_version_end will be the
87
+ # same in that Detail.
88
+ # @!attribute [rw] fixed_cpe_uri
89
+ # @return [::String]
90
+ # The distro recommended [CPE URI](https://cpe.mitre.org/specification/)
91
+ # to update to that contains a fix for this vulnerability. It is possible
92
+ # for this to be different from the affected_cpe_uri.
93
+ # @!attribute [rw] fixed_package
94
+ # @return [::String]
95
+ # The distro recommended package to update to that contains a fix for this
96
+ # vulnerability. It is possible for this to be different from the
97
+ # affected_package.
98
+ # @!attribute [rw] fixed_version
99
+ # @return [::Grafeas::V1::Version]
100
+ # The distro recommended version to update to that contains a
101
+ # fix for this vulnerability. Setting this to VersionKind.MAXIMUM means no
102
+ # such version is yet available.
103
+ # @!attribute [rw] is_obsolete
104
+ # @return [::Boolean]
105
+ # Whether this detail is obsolete. Occurrences are expected not to point to
106
+ # obsolete details.
107
+ # @!attribute [rw] source_update_time
108
+ # @return [::Google::Protobuf::Timestamp]
109
+ # The time this information was last changed at the source. This is an
110
+ # upstream timestamp from the underlying information source - e.g. Ubuntu
111
+ # security tracker.
112
+ class Detail
113
+ include ::Google::Protobuf::MessageExts
114
+ extend ::Google::Protobuf::MessageExts::ClassMethods
115
+ end
116
+
117
+ # @!attribute [rw] cpe_uri
118
+ # @return [::String]
119
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
120
+ # vulnerability affects.
121
+ # @!attribute [rw] name
122
+ # @return [::String]
123
+ # Required. The name of this vulnerability.
124
+ # @!attribute [rw] description
125
+ # @return [::String]
126
+ # The description of this vulnerability.
127
+ # @!attribute [rw] fixing_kbs
128
+ # @return [::Array<::Grafeas::V1::VulnerabilityNote::WindowsDetail::KnowledgeBase>]
129
+ # Required. The names of the KBs which have hotfixes to mitigate this
130
+ # vulnerability. Note that there may be multiple hotfixes (and thus
131
+ # multiple KBs) that mitigate a given vulnerability. Currently any listed
132
+ # KBs presence is considered a fix.
133
+ class WindowsDetail
134
+ include ::Google::Protobuf::MessageExts
135
+ extend ::Google::Protobuf::MessageExts::ClassMethods
136
+
137
+ # @!attribute [rw] name
138
+ # @return [::String]
139
+ # The KB name (generally of the form KB[0-9]+ (e.g., KB123456)).
140
+ # @!attribute [rw] url
141
+ # @return [::String]
142
+ # A link to the KB in the [Windows update catalog]
143
+ # (https://www.catalog.update.microsoft.com/).
144
+ class KnowledgeBase
145
+ include ::Google::Protobuf::MessageExts
146
+ extend ::Google::Protobuf::MessageExts::ClassMethods
147
+ end
148
+ end
149
+ end
150
+
151
+ # An occurrence of a severity vulnerability on a resource.
152
+ # @!attribute [rw] type
153
+ # @return [::String]
154
+ # The type of package; whether native or non native (e.g., ruby gems, node.js
155
+ # packages, etc.).
156
+ # @!attribute [rw] severity
157
+ # @return [::Grafeas::V1::Severity]
158
+ # Output only. The note provider assigned severity of this vulnerability.
159
+ # @!attribute [rw] cvss_score
160
+ # @return [::Float]
161
+ # Output only. The CVSS score of this vulnerability. CVSS score is on a
162
+ # scale of 0 - 10 where 0 indicates low severity and 10 indicates high
163
+ # severity.
164
+ # @!attribute [rw] package_issue
165
+ # @return [::Array<::Grafeas::V1::VulnerabilityOccurrence::PackageIssue>]
166
+ # Required. The set of affected locations and their fixes (if available)
167
+ # within the associated resource.
168
+ # @!attribute [rw] short_description
169
+ # @return [::String]
170
+ # Output only. A one sentence description of this vulnerability.
171
+ # @!attribute [rw] long_description
172
+ # @return [::String]
173
+ # Output only. A detailed description of this vulnerability.
174
+ # @!attribute [rw] related_urls
175
+ # @return [::Array<::Grafeas::V1::RelatedUrl>]
176
+ # Output only. URLs related to this vulnerability.
177
+ # @!attribute [rw] effective_severity
178
+ # @return [::Grafeas::V1::Severity]
179
+ # The distro assigned severity for this vulnerability when it is available,
180
+ # otherwise this is the note provider assigned severity.
181
+ # @!attribute [rw] fix_available
182
+ # @return [::Boolean]
183
+ # Output only. Whether at least one of the affected packages has a fix
184
+ # available.
185
+ class VulnerabilityOccurrence
186
+ include ::Google::Protobuf::MessageExts
187
+ extend ::Google::Protobuf::MessageExts::ClassMethods
188
+
189
+ # A detail for a distro and package this vulnerability occurrence was found
190
+ # in and its associated fix (if one is available).
191
+ # @!attribute [rw] affected_cpe_uri
192
+ # @return [::String]
193
+ # Required. The [CPE URI](https://cpe.mitre.org/specification/) this
194
+ # vulnerability was found in.
195
+ # @!attribute [rw] affected_package
196
+ # @return [::String]
197
+ # Required. The package this vulnerability was found in.
198
+ # @!attribute [rw] affected_version
199
+ # @return [::Grafeas::V1::Version]
200
+ # Required. The version of the package that is installed on the resource
201
+ # affected by this vulnerability.
202
+ # @!attribute [rw] fixed_cpe_uri
203
+ # @return [::String]
204
+ # The [CPE URI](https://cpe.mitre.org/specification/) this vulnerability
205
+ # was fixed in. It is possible for this to be different from the
206
+ # affected_cpe_uri.
207
+ # @!attribute [rw] fixed_package
208
+ # @return [::String]
209
+ # The package this vulnerability was fixed in. It is possible for this to
210
+ # be different from the affected_package.
211
+ # @!attribute [rw] fixed_version
212
+ # @return [::Grafeas::V1::Version]
213
+ # Required. The version of the package this vulnerability was fixed in.
214
+ # Setting this to VersionKind.MAXIMUM means no fix is yet available.
215
+ # @!attribute [rw] fix_available
216
+ # @return [::Boolean]
217
+ # Output only. Whether a fix is available for this package.
218
+ class PackageIssue
219
+ include ::Google::Protobuf::MessageExts
220
+ extend ::Google::Protobuf::MessageExts::ClassMethods
221
+ end
222
+ end
223
+
224
+ # Note provider assigned severity/impact ranking.
225
+ module Severity
226
+ # Unknown.
227
+ SEVERITY_UNSPECIFIED = 0
228
+
229
+ # Minimal severity.
230
+ MINIMAL = 1
231
+
232
+ # Low severity.
233
+ LOW = 2
234
+
235
+ # Medium severity.
236
+ MEDIUM = 3
237
+
238
+ # High severity.
239
+ HIGH = 4
240
+
241
+ # Critical severity.
242
+ CRITICAL = 5
243
+ end
244
+ end
245
+ end